From 90a97f5333e82e302f487b060076a8c0ceaf6259 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 19 Jun 2014 12:11:14 +0200 Subject: split bigcouch stunnel from plain couch stunnel --- .../site_couchdb/manifests/bigcouch/stunnel.pp | 89 ++++++++++++++++++++++ puppet/modules/site_couchdb/manifests/stunnel.pp | 81 ++------------------ 2 files changed, 95 insertions(+), 75 deletions(-) create mode 100644 puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp b/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp new file mode 100644 index 00000000..5166ba93 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp 
@@ -0,0 +1,89 @@
+class site_couchdb::bigcouch::stunnel {
+
+ $stunnel = hiera('stunnel')
+
+ include site_config::x509::cert
+ include site_config::x509::key
+ include site_config::x509::ca
+
+ include x509::variables
+ $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
+ $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
+ $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key"
+
+
+ # Erlang Port Mapper Daemon (epmd) stunnel server/clients
+ $epmd_server = $stunnel['epmd_server']
+ $epmd_server_accept = $epmd_server['accept']
+ $epmd_server_connect = $epmd_server['connect']
+ $epmd_clients = $stunnel['epmd_clients']
+
+ # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+ $ednp_server = $stunnel['ednp_server']
+ $ednp_server_accept = $ednp_server['accept']
+ $ednp_server_connect = $ednp_server['connect']
+ $ednp_clients = $stunnel['ednp_clients']
+
+
+ # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
+ # bigcouch clustering between each bigcouchdb node
+ stunnel::service { 'epmd_server':
+ accept => $epmd_server_accept,
+ connect => $epmd_server_connect,
+ client => false,
+ cafile => $ca_path,
+ key => $key_path,
+ cert => $cert_path,
+ verify => '2',
+ pid => '/var/run/stunnel4/epmd_server.pid',
+ rndfile => '/var/lib/stunnel4/.rnd',
+ debuglevel => '4',
+ require => [
+ Class['Site_config::X509::Key'],
+ Class['Site_config::X509::Cert'],
+ Class['Site_config::X509::Ca'] ];
+ }
+
+ # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
+ # to the above epmd stunnel server.
+ $epmd_client_defaults = {
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ }
+
+ create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
+
+ # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
+ # for bigcouch clustering between each bigcouchdb node
+ stunnel::service { 'ednp_server':
+ accept => $ednp_server_accept,
+ connect => $ednp_server_connect,
+ client => false,
+ cafile => $ca_path,
+ key => $key_path,
+ cert => $cert_path,
+ verify => '2',
+ pid => '/var/run/stunnel4/ednp_server.pid',
+ rndfile => '/var/lib/stunnel4/.rnd',
+ debuglevel => '4',
+ require => [
+ Class['Site_config::X509::Key'],
+ Class['Site_config::X509::Cert'],
+ Class['Site_config::X509::Ca'] ];
+ }
+
+ # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
+ # to the above ednp stunnel server.
+ $ednp_client_defaults = {
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ }
+
+ create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
+
+ include site_check_mk::agent::stunnel
+}
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
index 91f1e3aa..484a0c00 100644
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ b/puppet/modules/site_couchdb/manifests/stunnel.pp
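Review bot: In the new `site_couchdb::bigcouch::stunnel` class, `$epmd_client_defaults` and `$ednp_client_defaults` set `client`, `cafile`, `key` and `cert` but no `verify`, while both server resources pin `verify => '2'`. Whether the client side of each tunnel checks the peer certificate therefore depends on a default inside `site_stunnel::clients`, which is not visible in this patch. If that define does not already enforce it (and accepts the parameter), add `'verify' => '2',` to both default hashes so the Erlang clustering links authenticate in both directions. A class-level comment such as `# TLS tunnels for epmd/ednp; only included when couch mode is multimaster` would also help, since the class is now reached only through the conditional in `site_couchdb::stunnel`.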
@@ -1,29 +1,21 @@ class site_couchdb::stunnel { $stunnel = hiera('stunnel') + $couchdb_config = hiera('couch') + $couchdb_bigcouch = $couchdb_config['mode'] == "multimaster" $couch_server = $stunnel['couch_server'] $couch_server_accept = $couch_server['accept'] $couch_server_connect = $couch_server['connect'] - # Erlang Port Mapper Daemon (epmd) stunnel server/clients - $epmd_server = $stunnel['epmd_server'] - $epmd_server_accept = $epmd_server['accept'] - $epmd_server_connect = $epmd_server['connect'] - $epmd_clients = $stunnel['epmd_clients'] - - # Erlang Distributed Node Protocol (ednp) stunnel server/clients - $ednp_server = $stunnel['ednp_server'] - $ednp_server_accept = $ednp_server['accept'] - $ednp_server_connect = $ednp_server['connect'] - $ednp_clients = $stunnel['ednp_clients'] - - - include site_config::x509::cert include site_config::x509::key include site_config::x509::ca + if $couchdb_bigcouch { + include site_couchdb::bigcouch::stunnel + } + include x509::variables $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" 
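Review bot: The gate `$couchdb_bigcouch = $couchdb_config['mode'] == "multimaster"` fails open: a missing or misspelled `mode` in the `couch` hiera data evaluates to false, and `site_couchdb::bigcouch::stunnel` is then skipped without any error. On a node that is in fact a cluster member, the epmd/ednp tunnels would silently not be configured. Consider rejecting an unset value before the comparison, for example `if ! $couchdb_config['mode'] { fail("couch 'mode' is not set in hiera") }`; the full set of valid modes is not visible here, so a stricter whitelist would need confirming. The same expression is derived again in `init.pp` later in this series, so computing it in one place would keep the two classes from drifting apart. The class body continues outside this hunk.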
@@ -47,66 +39,5 @@ class site_couchdb::stunnel { Class['Site_config::X509::Ca'] ]; } - - # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for - # bigcouch clustering between each bigcouchdb node - stunnel::service { 'epmd_server': - accept => $epmd_server_accept, - connect => $epmd_server_connect, - client => false, - cafile => $ca_path, - key => $key_path, - cert => $cert_path, - verify => '2', - pid => '/var/run/stunnel4/epmd_server.pid', - rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4', - require => [ - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ]; - } - - # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect - # to the above epmd stunnel server. - $epmd_client_defaults = { - 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, - } - - create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults) - - # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary - # for bigcouch clustering between each bigcouchdb node - stunnel::service { 'ednp_server': - accept => $ednp_server_accept, - connect => $ednp_server_connect, - client => false, - cafile => $ca_path, - key => $key_path, - cert => $cert_path, - verify => '2', - pid => '/var/run/stunnel4/ednp_server.pid', - rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4', - require => [ - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ]; - } - - # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect - # to the above ednp stunnel server. - $ednp_client_defaults = { - 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, - } - - create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults) - include site_check_mk::agent::stunnel } -- cgit v1.2.3 From b286f81dd29404b64494dab3fe1e7a2bec1c9c46 Mon Sep 17 00:00:00 2001 
From: Azul Date: Thu, 19 Jun 2014 12:29:30 +0200 Subject: separate bigcouch specifics from init.pp --- puppet/modules/site_couchdb/manifests/bigcouch.pp | 20 ++++++++++++++++++++ puppet/modules/site_couchdb/manifests/init.pp | 21 ++++----------------- 2 files changed, 24 insertions(+), 17 deletions(-) create mode 100644 puppet/modules/site_couchdb/manifests/bigcouch.pp diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp new file mode 100644 index 00000000..a3f6db2c --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -0,0 +1,20 @@ +class site_couchdb::bigcouch { + + $bigcouch_config = $couchdb_config['bigcouch'] + $bigcouch_cookie = $bigcouch_config['cookie'] + + $ednp_port = $bigcouch_config['ednp_port'] + + Class['site_config::default'] + -> Class['site_couchdb::bigcouch::add_nodes'] + -> Class['site_couchdb::bigcouch::settle_cluster'] + + include site_couchdb::bigcouch::add_nodes + include site_couchdb::bigcouch::settle_cluster + include site_couchdb::bigcouch::compaction + include site_shorewall::couchdb::bigcouch + + file { '/var/log/bigcouch': + ensure => directory + } +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 3614661d..22d6ef45 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -35,14 +35,10 @@ class site_couchdb { $couchdb_webapp_salt = $couchdb_webapp['salt'] $couchdb_backup = $couchdb_config['backup'] - - $bigcouch_config = $couchdb_config['bigcouch'] - $bigcouch_cookie = $bigcouch_config['cookie'] - - $ednp_port = $bigcouch_config['ednp_port'] + $couchdb_bigcouch = $couchdb_config['mode'] == "multimaster" class { 'couchdb': - bigcouch => true, + bigcouch => $couchdb_bigcouch, admin_pw => $couchdb_admin_pw, admin_salt => $couchdb_admin_salt, bigcouch_cookie => $bigcouch_cookie, 
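Review bot: The `init.pp` hunk removes the assignments of `$bigcouch_config`, `$bigcouch_cookie` and `$ednp_port` from `site_couchdb`, but the unchanged context line `bigcouch_cookie => $bigcouch_cookie,` in the `class { 'couchdb': ... }` declaration still reads the unqualified name. Once the definition has moved to `site_couchdb::bigcouch`, that variable is no longer set in this scope, so the declaration would presumably receive undef for the Erlang cookie, which is the shared secret between cluster nodes; what the `couchdb` class does with an undef cookie is not visible here. Keeping `$bigcouch_cookie = $couchdb_config['bigcouch']['cookie']` in `init.pp` (guarded by the multimaster check) would avoid the dangling reference, because `site_couchdb::bigcouch` is only included further down and only conditionally. The `class { 'couchdb': }` declaration continues outside the hunk, so other parameters may be affected in the same way.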
@@ -63,8 +59,6 @@ class site_couchdb { -> Class['site_couchdb::stunnel'] -> Service['couchdb'] -> File['/root/.netrc'] - -> Class['site_couchdb::bigcouch::add_nodes'] - -> Class['site_couchdb::bigcouch::settle_cluster'] -> Class['site_couchdb::create_dbs'] -> Class['site_couchdb::add_users'] @@ -95,24 +89,17 @@ class site_couchdb { } include site_couchdb::stunnel - include site_couchdb::bigcouch::add_nodes - include site_couchdb::bigcouch::settle_cluster include site_couchdb::create_dbs include site_couchdb::add_users include site_couchdb::designs include site_couchdb::logrotate - include site_couchdb::bigcouch::compaction - if $couchdb_backup { include site_couchdb::backup } + if $couchdb_bigcouch { include site_couchdb::bigcouch } + if $couchdb_backup { include site_couchdb::backup } include site_shorewall::couchdb - include site_shorewall::couchdb::bigcouch include site_check_mk::agent::couchdb include site_check_mk::agent::tapicero - file { '/var/log/bigcouch': - ensure => directory - } - } -- cgit v1.2.3 From ae3ad84bdf646ddb3c8da9258201307ede65ea41 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 19 Jun 2014 20:01:20 +0200 Subject: set mirror option if we are on a couch mirror --- puppet/modules/tapicero/manifests/init.pp | 1 + puppet/modules/tapicero/templates/tapicero.yaml.erb | 2 ++ 2 files changed, 3 insertions(+) diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp index af1a96ac..1db75eb0 100644 --- a/puppet/modules/tapicero/manifests/init.pp +++ b/puppet/modules/tapicero/manifests/init.pp @@ -12,6 +12,7 @@ class tapicero { $couchdb_soledad_user = $couchdb_users['soledad']['username'] $couchdb_leap_mx_user = $couchdb_users['leap_mx']['username'] + $couchdb_mirror = $couchdb['mode'] == 'mirror' Class['site_config::default'] -> Class['tapicero'] diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb index 8e19b22f..3a5f821e 100644 
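Review bot: Removing `-> Class['site_couchdb::bigcouch::add_nodes'] -> Class['site_couchdb::bigcouch::settle_cluster']` from the chain in the `@@ -63,8 +59,6 @@` hunk drops two orderings that the new `site_couchdb::bigcouch` class does not restore, since it only chains `Class['site_config::default'] -> add_nodes -> settle_cluster`. On a multimaster node `site_couchdb::create_dbs` and `site_couchdb::add_users` are no longer ordered after the cluster has settled, and `add_nodes` is no longer ordered after `Service['couchdb']` and `File['/root/.netrc']`. Adding `Class['site_couchdb::bigcouch::settle_cluster'] -> Class['site_couchdb::create_dbs']` and `File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes']` to `bigcouch.pp` would keep the previous sequence. The dependency chain begins outside this hunk.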
--- a/puppet/modules/tapicero/templates/tapicero.yaml.erb +++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb @@ -24,6 +24,7 @@ log_level: info options: # prefix for per user databases: db_prefix: "user-" + mirror: <%= @couchdb_mirror %> # security settings to be used for the per user databases security: @@ -40,3 +41,4 @@ options: - <%= @couchdb_leap_mx_user %> roles: [] + -- cgit v1.2.3 From 9034a2eb1fdec68d46aa0d1ea2720409a7312f35 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 19 Jun 2014 20:02:02 +0200 Subject: first steps towards mirroring couch --- puppet/modules/site_couchdb/manifests/bigcouch.pp | 6 +-- .../site_couchdb/manifests/bigcouch/add_nodes.pp | 2 +- puppet/modules/site_couchdb/manifests/init.pp | 6 ++- puppet/modules/site_couchdb/manifests/mirror.pp | 61 ++++++++++++++++++++++ 4 files changed, 69 insertions(+), 6 deletions(-) create mode 100644 puppet/modules/site_couchdb/manifests/mirror.pp diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index a3f6db2c..97c8cd12 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -1,9 +1,9 @@ class site_couchdb::bigcouch { - $bigcouch_config = $couchdb_config['bigcouch'] - $bigcouch_cookie = $bigcouch_config['cookie'] + $config = $::site_couchdb::couchdb_config['bigcouch'] + $cookie = $config['cookie'] - $ednp_port = $bigcouch_config['ednp_port'] + $ednp_port = $config['ednp_port'] Class['site_config::default'] -> Class['site_couchdb::bigcouch::add_nodes'] diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp index 97e85785..c8c43275 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp 
@@ -1,6 +1,6 @@ class site_couchdb::bigcouch::add_nodes { # loop through neighbors array and add nodes - $nodes = $::site_couchdb::bigcouch_config['neighbors'] + $nodes = $::site_couchdb::bigcouch::config['neighbors'] couchdb::bigcouch::add_node { $nodes: require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 22d6ef45..0b923c9f 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -35,7 +35,7 @@ class site_couchdb { $couchdb_webapp_salt = $couchdb_webapp['salt'] $couchdb_backup = $couchdb_config['backup'] - $couchdb_bigcouch = $couchdb_config['mode'] == "multimaster" + $couchdb_mode = $couchdb_config['mode'] class { 'couchdb': bigcouch => $couchdb_bigcouch, @@ -94,7 +94,9 @@ class site_couchdb { include site_couchdb::designs include site_couchdb::logrotate - if $couchdb_bigcouch { include site_couchdb::bigcouch } + if $couchdb_mode == "multimaster" { include site_couchdb::bigcouch } + if $couchdb_mode == "mirror" { include site_couchdb::mirror } + if $couchdb_backup { include site_couchdb::backup } include site_shorewall::couchdb diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp new file mode 100644 index 00000000..708171e4 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/mirror.pp 
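Review bot: In the `init.pp` hunk `@@ -35,7 +35,7 @@` the assignment of `$couchdb_bigcouch` is replaced by `$couchdb_mode`, yet the unchanged context line `bigcouch => $couchdb_bigcouch,` still passes the old name to `class { 'couchdb': }`. With no definition left in `site_couchdb`, that parameter would presumably be undef, so the base class could be configured as plain CouchDB even when `mode` is `multimaster` and `site_couchdb::bigcouch` is included. Keeping a derived variable next to the new one, `$couchdb_bigcouch = $couchdb_mode == 'multimaster'`, resolves this without touching the class declaration. The declaration itself extends beyond the hunk.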
@@ -0,0 +1,61 @@
+class site_couchdb::mirror {
+
+ # Couchdb databases
+
+ $from = $site_couchdb::couchdb_config['replication']['masters'][0]
+
+ ### customer database
+ couchdb::mirror_db { 'customers':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## identities database
+ couchdb::mirror_db { 'identities':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## keycache database
+ couchdb::mirror_db { 'keycache':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## sessions database
+ couchdb::mirror_db { 'sessions':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## shared database
+ couchdb::mirror_db { 'shared':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## tickets database
+ couchdb::mirror_db { 'tickets':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## tokens database
+ couchdb::mirror_db { 'tokens':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## users database
+ couchdb::mirror_db { 'users':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## messages db
+ couchdb::mirror_db { 'messages':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+}
-- cgit v1.2.3
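Review bot: `$from` is read from `$site_couchdb::couchdb_config['replication']['masters'][0]` with no check that a first master is configured, so a node switched to mirror mode without that data would declare all nine `couchdb::mirror_db` resources with an empty source or fail on the lookup. A guard such as `if ! $from { fail('mirror mode requires couch.replication.masters') }` right after the assignment makes the misconfiguration explicit. The mirrored set includes `tokens`, `sessions`, `identities` and `users`, and nothing in this class shows how the connection to the master is authenticated or encrypted, so a comment stating which tunnel or endpoint `from` is expected to name would help the next reader. The nine identical declarations could also be a single `couchdb::mirror_db { [...]: }` with an array title, the form `add_nodes.pp` already uses for `couchdb::bigcouch::add_node`.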